hawkeye | ab3c113121c1fdfde39a4ce53d6f38490f6393d847d14e727aa5260594e88c79 | Triage

Submit
Reports

Overview

overview

Static

static

d8c4f0bb55...a9.exe

windows7_x64

d8c4f0bb55...a9.exe

windows10_x64

Sharing

General

Target

d8c4f0bb55040ead44e31a083886baa9
Size

1.1MB
Sample

201117-3zmq8csnja
MD5

2a1c75e5e80e13efb9f8e98044bb44c8
SHA1

7a4a2199dbfe00d57114e8378869277b3afa728d
SHA256

ab3c113121c1fdfde39a4ce53d6f38490f6393d847d14e727aa5260594e88c79
SHA512

bbb7ac2a84358cb155927922da87ce3f456afa783f049977c250b68342c17a1080bad9e4c1854af38b06f6da5e9548260cdc0390b84dbfc3a0f06cf7b63c38e6

Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

d8c4f0bb55040ead44e31a083886baa9.exe

Resource

win7v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d8c4f0bb55040ead44e31a083886baa9.exe

Resource

win10v20201028

hawkeye keylogger persistence spyware stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.casalsmd.com
Port:
587
Username:
carolina@casalsmd.com
Password:
Carolina123

Targets

- Target
  
  d8c4f0bb55040ead44e31a083886baa9
- Size
  
  1.1MB
- MD5
  
  2a1c75e5e80e13efb9f8e98044bb44c8
- SHA1
  
  7a4a2199dbfe00d57114e8378869277b3afa728d
- SHA256
  
  ab3c113121c1fdfde39a4ce53d6f38490f6393d847d14e727aa5260594e88c79
- SHA512
  
  bbb7ac2a84358cb155927922da87ce3f456afa783f049977c250b68342c17a1080bad9e4c1854af38b06f6da5e9548260cdc0390b84dbfc3a0f06cf7b63c38e6
Score

10^/10

hawkeye keylogger persistence spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyekeyloggerpersistencespywarestealertrojanupx

behavioral2

hawkeyekeyloggerpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy